Hybrid Cryptography: Off-The-Record Framework
Privacy is daily concern for many Internet users. Eavesdropping user's content and using it for various reasons are not desired by most application users. Trusting communication channel, service provider, or the government to not intercept your content is not a good enough idea.
OTR framework solves this problem by cryptographically processing the user's content in transit and at rest. No eavesdropper can read the content, not even the service provider.
This framework currently has a Java library.
Simpler Java Interface
Bob sending message
OTRClient bobClient = OTRClient.get(config); bobClint.login("bob", "password"); bobClient.sendMessage("Hello Alice", ALICE_USER_ID);
Alice recieving message
OTRClient aliceClient = OTRClient.get(config); aliceClient.login("alice", "password"); aliceClient.readMessages();
OTR4J uses hybrid cryptography system. It uses RSA and ECDH for key exchanges and AES encryption. Technical details of protocol an be found here.
You can find the OWASP support here: https://www.owasp.org/index.php/OWASP_Off_the_record_4_Java_Project
There are multiple ways for you to participate in the project.
Feature request: Raise your feature request here with detailed information.
Contribute code: Pick an open issue, forkoff the github repository and create PR.
Help through awareness: One of the quarter goal is to spread awareness.
You can help here by mentioning this project in your blog, tweets and through any other media.
This tutorial was originally posted by the author here. This version has been edited for clarity and may appear different from the original post.